System Design Approach for Control of Differentially Private
Dynamical Systems

Raman Goyal, Dhrubajit Chowdhury, and Shantanu Rane R. Goyal, D. Chowdhury, and S. Rane are with Palo Alto Research Center - Part of SRI International, Palo Alto, CA, USA. {raman.goyal, dhruba.chowdhury, shantanu.rane}@sri.com,

Abstract

This paper introduces a novel approach to concurrently design dynamic controllers and correlated differential privacy noise in dynamic control systems. An increase in privacy noise increases the system’s privacy but adversely affects the system’s performance. Our approach optimizes the noise distribution while shaping closed-loop system dynamics such that the privacy noise has the least impact on system performance and the most effect on system privacy. We further add privacy noise to both control input and system output to privatize the system’s state for an adversary with access to both communication channels and direct output measurements. The study also suggests tailored privacy bounds for different states, providing a comprehensive framework for jointly optimizing system performance and privacy in the context of differential privacy.

I Introduction

In today’s increasingly interconnected and data-driven world, it has become important for connected entities to share information with each other to work efficiently. This applies not just to individuals, but also to Cyber-Physical Systems (CPS) in various sectors, including industrial control systems, power grids, financial markets, and commercial and military communication networks. This pervasive data sharing has also brought forth heightened concerns regarding system security, safety and privacy. With private entities, government organizations, and adversaries engaging in extensive data collection and analysis, the risk of exposing sensitive information has significantly increased, posing potential harm to both individuals and critical systems. This has led to the development of mechanisms providing different kinds of privacy guarantees. Examples include differential privacy, information-theoretic privacy, and privacy based on secure multiparty computation.

Differential privacy was originally designed to protect the data of individuals in static databases, but its application has expanded to address the privacy challenges posed by dynamic and interconnected data ecosystems, such as Cyber-Physical Systems (CPS) and Internet of Things (IoT) devices [1, 2]. At a basic level, a differentially private mechanism ensures that the results of a query remain approximately unchanged if data belonging to any single user, or a single row, in the database are modified [3]. Informally, differential privacy makes similar data appear approximately indistinguishable from one another [4]. The most important feature of differential privacy is its protection from post-processing or its robustness in the presence of side information [5]. However, there is a price associated with making the system differentially private. Differential privacy works by adding noise to the system which leads to a degradation in system performance both in static and dynamic cases [5, 6].

In recent years, researchers have extended the work on differential privacy for static databases to differential privacy for dynamic filters [6], control and dynamical systems [3], differentially private LQ Control [4], multi-agent formation control [7], and Differentially private distributed constrained optimization [8]. In differentially private LQ control [4], the authors consider a multi-agent system described using linear system dynamics and add privacy noise such that every agent’s state trajectory is made approximately indistinguishable from all other state trajectories. The paper provides lower and upper bounds on mean square error (MSE) in state estimation for some minimum and maximum privacy noise among agents, where the combined state is estimated using a standard Kalman filter while designing an LQG control for the overall system. The paper further provides guidelines for choosing the privacy level $\epsilon_{i}$ to bound the MSE in the cloud’s state estimates and further provides the cost of privacy in terms of the increase of the quadratic cost. Kawan and Cao [9, 10] show that the Gaussian mechanism evaluates the maximum eigenvalue of the input observability Gramian and thus the addition of even small noise is enough to make the less input observable Gaussian mechanism highly differentially private.

In this paper, we consider the joint design of dynamic controller and differentially private noise (correlated noise with different variances across channels) such that the system performance loss is minimized for a given privacy metric or the privacy metric is maximized for a given system performance. The idea is to find the optimal privacy noise distribution and simultaneously design the closed-loop system dynamics such that the correlated noises enter the system through channels that have the least impact on system performance and maximize system privacy. It can be understood as the following: the larger noise would only be added through the input/output channels whose effect on the system state has been minimized by designing the closed-loop poles. We design a dynamic controller that directly processes the controller states to generate the control signal instead of first estimating the states and then using it to obtain the control input. We assume a smart adversary that will develop an optimal estimator to generate individual signals for more accurate state estimation by leveraging the additional information about the system dynamics. We consider two kinds of adversaries, one that has access to the communication channel and another that has direct access to the measurements. We express a privacy metric in the presence of smart adversaries in terms of uncertainty in the estimation of individual states. We will further design different privacy bounds in different states as some states might need stricter privacy guarantees than other states. This will also be considered for bounding the system performance across different states based on the underlying system.

The organization of the paper can be laid out as follows: Section §II provides the necessary background on differential privacy and the notation required for the rest of the paper. Section §III gives the relationship between differential privacy and error in state estimate and then formulates the final design problem. Section §IV elaborates the system design approach for a general dynamic controller and correlated differential privacy input and output noises and provides the solution as a convex optimization problem. Section §V gives simulation results for differential privacy of a networked power distribution system with load frequency control under unknown power demand and §VI provides the final concluding remarks along with the future work.

II Review of Differential Privacy

In this section, we review the basic definitions and define the Gaussian mechanism used to enforce differential privacy in dynamical systems. We define the expectation operator by $\mathbb{E}[\cdot]$ and $\mathcal{N}({x},{Y})$ denotes the Gaussian distribution with mean ${x}$ and covariance ${Y}$ . The diagonal matrix generated from a vector ${x}$ is denoted as $\operatorname{diag}({x})$ and the block diagonal matrix is denoted as $\operatorname{blkdiag}({Y}_{1},{Y}_{2},\cdots,{Y}_{3})$ . The symbol $O$ defines a zero matrix with suitable dimensions and $I$ defines the unit matrix of appropriate dimensions. The notations ${X\succ 0}$ and ${Y\succeq 0}$ denote the symmetric positive definite and symmetric positive semidefinite matrices, respectively.

Let us consider agent’s state trajectories of the form $x=(x(1),x(2),\ldots)$ , where $x(k)\in\mathbb{R}^{n_{x}}$ and $\|x(k)\|_{2}<\infty$ for all $k$ , and let us denote the set of all such sequences by $x\in{\ell}_{2}^{n_{x}}$ . Let us define our adjacency relation over ${\ell}_{2}^{n_{x}}$ .

Definition 1.

(Adjacency for trajectories): Let us choose $\beta>0$ as the adjacency parameter and $v,w\in{\ell}_{2}^{n_{x}}$ as two trajectories that are adjacent if $\left\|v-w\right\|_{\ell_{2}}\leq\beta$ . We write $\operatorname{Adj}_{\beta}\left(v,w\right)=1$ if $v$ and $w$ are adjacent, and $\operatorname{Adj}_{\beta}\left(v,w\right)=0$ , otherwise.

This adjacency relation requires that an agent’s state trajectory be made approximately indistinguishable within distance $\beta$ from all other state trajectories. Let us consider that the agent’s output signal is of dimension $n_{y}$ at each point in time and is in the set ${\ell}_{2}^{n_{y}}$ . Next, we define the sensitivity of a dynamical system.

Definition 2.

(Sensitivity): The p-norm sensitivity of a system $\mathcal{G}$ is the greatest distance between two output trajectories that correspond to adjacent state trajectories:

\displaystyle\Delta_{p}\mathcal{G}:=\sup_{x,\tilde{x}|\operatorname{Adj}_{B}(x% ,\tilde{x})=1}\|\mathcal{G}(x)-\mathcal{G}(\tilde{x})\|_{p}.

Now, we define differential privacy for dynamic systems (see [6] for a formal construction).

Definition 3.

(Differential privacy for trajectories): Let $\epsilon>0$ and $\delta\in(0,1/2)$ be given. A mechanism $\mathcal{M}(\cdot)\in\ell_{2}^{n_{y}}$ is $\left(\epsilon,\delta\right)$ -differentially private if, for all adjacent $x,x^{\prime}\in\ell_{2}^{n_{x}}$ , we have:

\displaystyle\mathbb{P}\left[\mathcal{M}\left(x\right)\in S\right]\leq e^{% \epsilon}\mathbb{P}\left[\mathcal{M}\left(x^{\prime}\right)\in S\right]+\delta% \text{ for all }S\in\Sigma_{2}^{n_{y}}.

We now define the Gaussian mechanism.

Lemma 1.

(Gaussian mechanism; [6]): Let us use privacy parameters $\epsilon>0$ and $\delta\in(0,1/2)$ and adjacency parameter $\beta>0$ . Let $\mathcal{G}$ denote a dynamical system and $\Delta_{2}\mathcal{G}$ denote its 2-norm sensitivity. Then the Gaussian mechanism $\mathcal{M}=\mathcal{G}(x)+v^{p}$ makes the system $\left(\epsilon,\delta\right)$ -differentially private with respect to $\operatorname{Adj}_{\beta}$ , if $v^{p}(k)\sim\mathcal{N}\left(0,\sigma^{2}I_{n_{y}}\right)$ , and $\sigma\geq\Delta_{2}\mathcal{G}~{}\beta~{}\kappa\left(\delta,\epsilon\right)$ , where $\kappa\left(\delta,\epsilon\right)=\frac{1}{2\epsilon}\left(K_{\delta}+\sqrt{K% _{\delta}^{2}+2\epsilon}\right)$ , with $K_{\delta}:=\mathcal{Q}^{-1}\left(\delta\right)$ , $\mathcal{Q}$ representing the Gaussian tail integral.

III Problem Formulation

The main objective of the research is to make the state of the agents differentially private by adding privacy noise while achieving the desired system performance. The privacy noise can be added to (refer fig. 1):

•

System output: Add differential privacy noise to the outputs measured by the sensors as $v^{p}_{k}$ .
•

Control input: Add differential privacy noise directly to the control input as $w^{p}_{k}$ .

Refer to caption — Figure 1: Design architecture for making agent’s state differentially private by adding privacy noise to both system inputs and output.

Notice that the control input noise is a physically feasible way to insert privacy noise into the system. Also, the actual privacy noise should be calculated by accounting for the actuator noise present in the system. We further consider two cases based on the capability of the adversary (refer fig. 1):

•

In the first case, the adversary listens to the communication between the agents and the centralized controller ((1) $y^{a}_{k}=\bar{y}_{k}$ ). We add privacy noise to both the outputs measured by the sensor and the control inputs to make the system state differentially private.
•

In the second case, the adversary has his own sensors and has direct access to the output of the system ((2) $y^{a}_{k}=y_{k}$ ), and thus adding output privacy noise alone would not make the system differentially private. Although there is no benefit in adding privacy noise to the sensor side, we still add it and expect the design to remove the privacy noise on the output side.

Let us consider a discrete-time linear time-invariant (LTI) system, along with the addition of output privacy noise and control input privacy noise, described by the following state-space representation:

$\displaystyle x_{k+1}$	$\displaystyle=Ax_{k}+B(u_{k}+w^{p}_{k})+Dw_{k},$	(1)
$\displaystyle y_{k}$	$\displaystyle=Cx_{k}+v_{k},$	(2)
$\displaystyle\bar{y}_{k}$	$\displaystyle=Cx_{k}+v_{k}+v^{p}_{k},$	(3)
$\displaystyle z_{k}$	$\displaystyle=C_{z}x_{k},$	(4)

where $x_{k}\in\mathbb{R}^{n_{x}}$ is the state of the system at time $k$ , $u_{k}\in\mathbb{R}^{n_{u}}$ is the control vector at time $k$ . The initial state vector $x_{0}$ and the process noise at time $k$ , $w_{k}$ , are assumed to be independent random variables. In particular, $w_{k}\sim\mathcal{N}(\mathbf{0},W)$ , $\forall k$ , with $W\in\mathbb{R}^{n_{w}\times n_{w}}$ to be known and fixed covariance matrix. The output of the system $y_{k}\in\mathbb{R}^{n_{y}}$ , is measured by a sensor network with sensor noise modeled as another independent Gaussian random variable $v_{k}\sim\mathcal{N}(\mathbf{0},V)$ , $\forall k$ with $V\in\mathbb{R}^{n_{v}\times n_{v}}$ to be the known and fixed covariance matrix. The performance variable $z_{k}\in\mathbb{R}^{n_{z}}$ defines the variables of interest for the system.

The control input privacy noise, $w^{p}_{k}$ , and output privacy noise, $v^{p}_{k}$ , are modeled as random variables, $w^{p}_{k}\sim\mathcal{N}(\mathbf{0},W^{p})$ and $v^{p}_{k}\sim\mathcal{N}(\mathbf{0},V^{p})$ , $\forall k$ , with $W^{p}$ and $V^{p}$ being the covariance matrix, representing the strength of the added noise. We further define the inverse of the respective noise covariance matrices as:

\Gamma_{w}=W^{p^{-1}},~{}~{}\Gamma_{v}=V^{p^{-1}}.

We assume that the adversary is smart and has full information about the system dynamics, i.e., knowledge of system matrices, $A,B,C,D$ . Moreover, the adversary will design an optimal estimator to estimate the system state $\hat{x}_{k}$ using a general estimator of the form:

	$\displaystyle\hat{x}_{k+1}$	$\displaystyle=\hat{A}\hat{x}_{k}+Bu_{k}+\hat{B}y^{a}_{k},$		(5)
	$\displaystyle e_{k}$	$\displaystyle=x_{k}-\hat{x}_{k},$		(6)

such that the error in the state estimate $e_{k}$ is minimized.

III-A Relationship between differential privacy and error in state estimates due to control input and output privacy noise

In this subsection, we show that the differential privacy of the system state can be represented by the error in the estimation of the state while using the optimal state estimator by the adversary of the form eqs. 5 and 6. In particular, the covariance of the state error estimates $E_{k}=\mathbb{E}[e_{k}e_{k}^{T}]$ can be used as a metric to quantify differential privacy, and an increase in error covariance results in an increase in $\left(\epsilon,\delta\right)$ -differentially privacy.

Lemma 2.

(Gaussian mechanism for dynamical system; [6]): Let $\mathcal{G}$ denote an LTI dynamical system and $\|\mathcal{G}\|_{\infty}<\infty$ and let us use privacy parameters $\epsilon,\delta>0$ . Then the Gaussian mechanism $\mathcal{M}u=\mathcal{G}u+w^{p}$ , where $w^{p}$ is a Gaussian noise with $w^{p}\sim\mathcal{N}\left(0,\sigma^{2}I_{n_{y}}\right)$ , and $\sigma\geq\beta~{}\kappa\left(\delta,\epsilon\right)\|\mathcal{G}\|_{\infty}$ , makes the system $\left(\epsilon,\delta\right)$ -differentially private with respect to $\operatorname{Adj}_{\beta}$ in $u$ , i.e., $\|u-u^{\prime}\|_{2}\leq\beta$ with $\beta>0$ .

Remark 1.

The above lemma allows us to make the control input differential private by directly adding the noise to the control inputs when the output is queried and obtained by passing through an LTI dynamical system. In this paper, we want to make the system state differentially private by adding privacy noise to both system inputs and outputs.

Yazdani et. al. [4] used the level of privacy to calculate the impact on estimation error and showed the relationship between the privacy noise and the trace of covariance of the state error estimates $\operatorname{tr}(E_{k})$ where the state estimates are calculated using a Kalman filter. However, another way to look at the impact of differential privacy from the point of view of an adversary is to hinder his capability to estimate the state trajectories accurately. So if an adversary designs an optimal estimator, the error in estimating state trajectories can be used as a metric of differential privacy. Next, we expand on the results generated in [4] to quantify standard ( $\epsilon,\delta$ )-differential privacy as the error in adversary’s state estimates due to both control input and output privacy noise.

Lemma 3.

For the given dynamical systems in (Eq. (1)-(3)) with both control input privacy noise $w^{p}_{k}\sim\mathcal{N}(\mathbf{0},W^{p})$ and output privacy noise $v^{p}_{k}\sim\mathcal{N}(\mathbf{0},\sigma^{2}I_{n_{y}}-V)$ , with $\sigma=\bar{S}(C)\beta k(\delta,\epsilon)$ , and for a given adjacency $\|x-x^{\prime}\|_{2}\leq\beta$ with $\beta>0$ , if the states are ( $\epsilon,\delta$ )-differential private with $\delta\in[10^{-5},10^{-1}]$ and

	$\displaystyle\epsilon$	$\displaystyle\leq\left(\frac{\bar{S}(C)^{2}\beta^{2}(n_{x}-\operatorname{tr}% \left(\underline{E})\underline{\lambda}(\Psi)^{-1}\right)}{\operatorname{tr}(% \underline{E})C_{u}^{2}}\right)^{1/2},$
	$\displaystyle\Psi$	$\displaystyle=DWD^{T}+BW^{p}B^{T},$
	$\displaystyle V^{p}$	$\displaystyle=\sigma^{2}I_{n_{y}}-V$

where $\bar{S}(\cdot)$ represents the maximum singular value, $\underline{\lambda}(\cdot)$ represents the smallest eigenvalue of the matrix, and $C_{u}$ is the value of $C$ corresponding to the index for which the diagonal element of $C^{T}(V+V^{p})^{-1}C)$ is maximum, then the state error estimate is lower bounded by $\operatorname{tr}(\underline{E})$ with $\mathbb{E}[e_{k}e_{k}^{T}]>\underline{{E}}$ .

Proof.

Here we consider both control input privacy noise and output privacy noise along with the already present process and measurement noise. Thus the equation for a priori state error covariance follows:

\Sigma=A(\Sigma^{-1}+C^{T}(V+V^{p})^{-1}C)^{-1}A^{T}+DWD^{T}+BW^{p}W^{T},

and for a posteriori state error covariance follows:

\overline{\Sigma}=(\Sigma^{-1}+C^{T}(V+V^{p})^{-1}C)^{-1}.

After that, it follows directly from (Theorem 2 of [4]) where we consider a single agent with state dimension $n_{x}$ instead of the multi-agent case. ∎

The above result is used to show that enforcing differential privacy to the systems’ state ensures a lower bound on state estimation error. Please note that the above result provides a necessary condition for differential privacy based on the lower bound on state estimation error. More work is needed to find the bounds for sufficiency.

Remark 2.

Please note that both the performance norm $\mathbb{E}[z_{k}z_{k}^{T}]$ and the estimator error covariance $\mathbb{E}[e_{k}e_{k}^{T}]$ increases with an increase in output and control input privacy noises, and our objective is to find the optimum noise level along with the controller and estimator to minimize the performance norm for a given error covariance.

Main Design Problem Formulation: Design the strength of privacy noises, $W^{p}(\Gamma_{w})$ and $V^{p}(\Gamma_{v})$ , and an optimal state estimator of the form eqs. 5 and 6, and a general linear dynamic controller of the form:

	$\displaystyle x^{c}_{k+1}$	$\displaystyle=A_{c}\,x^{c}_{k}+B_{c}\,\bar{y}_{k},$		(7)
	$\displaystyle u_{k}$	$\displaystyle=C_{c}\,x^{c}_{k}+D_{c}\,\bar{y}_{k}.$		(8)

such that the state error covariance $\mathbb{E}[e_{k}e_{k}^{T}]$ is maximized while closed-loop system performance is bounded $\mathbb{E}[z_{k}z_{k}^{T}]\leq\bar{\mathbf{Z}}$ .

\displaystyle\begin{array}[]{lll}\max_{\{A_{c},B_{c},C_{c},D_{c},\Gamma_{w},% \Gamma_{v},\hat{A},\hat{B}\}}&\operatorname{tr}(\mathbb{E}[e_{k}e_{k}^{T}])\\ \textit{s.t.}&\mathbb{E}[z_{k}z_{k}^{T}]\leq\bar{\mathbf{Z}}.\end{array}

(11)

Another problem of interest can be to minimize the closed-loop system performance $\mathbb{E}[z_{k}z_{k}^{T}]$ while lower bounding the state error covariance $\mathbb{E}[e_{k}e_{k}^{T}]>\underline{{E}}$ for some given $\underline{{E}}$ , i.e., to have higher differential privacy than some specified limit.

\displaystyle\begin{array}[]{lll}\min_{\{A_{c},B_{c},C_{c},D_{c},\Gamma_{w},% \Gamma_{v},\hat{A},\hat{B}\}}&\operatorname{tr}(\mathbb{E}[z_{k}z_{k}^{T}])\\ \textit{s.t.}&\mathbb{E}[e_{k}e_{k}^{T}]\geq\mathbf{\underline{E}}.\end{array}

(14)

For the two cases that we discussed based on the capabilities of the adversary, the information available to the estimator would change from (1) $y^{a}_{k}=\bar{y}_{k}$ to (2) $y^{a}_{k}=y_{k}$ .

Remark 3.

Notice that the estimator design from the point of view of the adversary is general and can be used to simultaneously design the estimator with the privacy noise for the case of open loop system dynamics also, i.e. with $u_{k}=0$ .

IV Final Design Solution Development

In this section, we develop frameworks for the co-design of input and output privacy noise with a dynamic feedback controller; and the co-design of input and output privacy noise with an optimal estimator. We further provide the final design algorithm for the two cases of adversarial capabilities. In both cases, we formulate the problem such that the controller gets the output signal with added privacy noise $v^{p}$ and let the optimization solve the optimal privacy noise.

IV-A Adversary with access to communication channels

For the case where the adversary listens to the noisy output passed through the communication channel $y^{a}_{k}=\bar{y}_{k}=Cx_{k}+v_{k}+v^{p}_{k}$ , the final design problem can be solved using the following result.

Theorem 1.

For the dynamical system given in eqs. 1 and 3 with adversary listening through the communication channel, and to maximize differential privacy for a fixed performance bound, the optimal design solution with privacy noises, $W^{p}(\Gamma_{w})$ and $V^{p}(\Gamma_{v})$ , an optimal state estimator of the form eqs. 5 and 6, and a general linear dynamic controller of the form eqs. 7 and 8, can be solved as a convex optimization problem using the following LMIs:

\displaystyle\textit{minimize}_{\{A_{c},B_{c},C_{c},\Gamma_{w},\Gamma_{v},\hat% {A},\hat{B}\}}~{}\operatorname{trace}\left(\Gamma_{w}+\Gamma_{v}\right),

\begin{bmatrix}X&I&AX+BL&A&D&B&O&O\\ (\cdot)^{T}&Y&Q&YA+FC&YD&YB&F&F\\ (\cdot)^{T}&(\cdot)^{T}&X&I&O&O&O&O\\ (\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&Y&O&O&O&O\\ (\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&W^{-1}&O&O&O\\ (\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&\Gamma_{w}&O&O\\ (\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&V^{-1}% &O\\ (\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot% )^{T}&\Gamma_{v}\end{bmatrix}>O,

(15)

\begin{bmatrix}\bar{\mathbf{Z}}&C_{z}X&C_{z}\\ (\cdot)^{T}&X&I\\ (\cdot)^{T}&(\cdot)^{T}&Y\end{bmatrix}>O,

(16)

\begin{bmatrix}\hat{X}&I&A\hat{X}&A&D&B&O&O\\ (\cdot)^{T}&\hat{Y}&\hat{Q}&\hat{Y}A+\hat{F}C&\hat{Y}D&\hat{Y}B&\hat{F}&\hat{F% }\\ (\cdot)^{T}&(\cdot)^{T}&\hat{X}&I&O&O&O&O\\ (\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&\hat{Y}&O&O&O&O\\ (\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&W^{-1}&O&O&O\\ (\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&\Gamma_{w}&O&O\\ (\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&V^{-1}% &O\\ (\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot% )^{T}&\Gamma_{v}\end{bmatrix}>O,

(17)

\begin{bmatrix}\bar{\mathbf{E}}&\hat{X}-\hat{U}&I\\ (\cdot)^{T}&\hat{X}&I\\ (\cdot)^{T}&(\cdot)^{T}&\hat{Y}\end{bmatrix}>O,

(18)

and finally, the optimal estimator and dynamic controller can be calculated as:

	$\displaystyle\hat{A}$	$\displaystyle=\hat{S}^{-1}(\hat{Q}-\hat{Y}A\hat{X}-\hat{F}C\hat{X})\hat{U}^{-1},$		(19)
	$\displaystyle\hat{B}$	$\displaystyle=\hat{S}^{-1}\hat{F},$		(20)

\begin{split}\begin{bmatrix}A_{c}&B_{c}\\ C_{c}&D_{c}\end{bmatrix}=&\begin{bmatrix}S^{-1}&-S^{-1}YB\\ O&I\end{bmatrix}\begin{bmatrix}Q-YAX&F\\ L&O\end{bmatrix}\\ &\cdot\begin{bmatrix}U^{-1}&O\\ -CXU^{-1}&I\end{bmatrix}.\end{split}

(21)

Proof.

We first design the dynamic controller of the form eqs. 7 and 8. We assume the direct feedforward term in the dynamic controller to be zero $D_{c}=O$ for the bounded control input covariance. Using the above compensator, the closed-loop system dynamics can be written using the augmented state vector $\mathbf{x}^{T}:=\begin{bmatrix}x^{T}&{x^{c}}^{T}\end{bmatrix}$ with augmented process noise $\mathbf{w}^{T}:=\begin{bmatrix}w^{T}&w^{p^{T}}&v^{T}&v^{p^{T}}\end{bmatrix}$ as:

	$\displaystyle\mathbf{x}_{k+1}$	$\displaystyle=\mathbf{A}\,\mathbf{x}_{k}+\mathbf{B}\,\mathbf{w}_{k},$		(22)
	$\displaystyle{z}_{k}$	$\displaystyle=\mathbf{C}\,\mathbf{x}_{k},$		(23)

\displaystyle\text{where}~{}~{}\mathbf{A}=\begin{bmatrix}A&BC_{c}\\ B_{c}C&A_{c}\end{bmatrix},~{}\mathbf{B}=\begin{bmatrix}D&B&O&O\\ O&O&B_{c}&B_{c}\end{bmatrix},

$\mathbf{C}=\begin{bmatrix}C_{z}&O\end{bmatrix}$ and $\mathbf{w}_{k}\sim\mathcal{N}(\mathbf{0},\mathbf{W})$ , where

\displaystyle\mathbf{W}^{-1}=\begin{bmatrix}W^{-1}&O&O&O\\ O&\Gamma_{w}&O&O\\ O&O&V^{-1}&O\\ O&O&O&\Gamma_{v}\end{bmatrix}.

(28)

It is a standard result that the above closed loop system is stable and a steady-state state covariance matrix ( $\mathbf{X}>0$ ) exists, if:

\mathbf{A}\mathbf{X}\mathbf{A}^{T}+\mathbf{B}\mathbf{W}\mathbf{B}^{T}<\mathbf{% X},

(29)

which using Schur’s complement gives:

\begin{bmatrix}\mathbf{X}&\mathbf{A}\mathbf{X}&\mathbf{B}\\ (\cdot)^{T}&\mathbf{X}&O\\ (\cdot)^{T}&(\cdot)^{T}&\mathbf{W}^{-1}\end{bmatrix}>O,

(30)

where $(\cdot)^{T}$ represents the corresponding transpose of the symmetric block. It is straightforward to show that the performance covariance can be bounded as: $\mathbf{C}\mathbf{X}\mathbf{C}^{T}<\bar{\mathbf{Z}},$ which can be written as:

\begin{bmatrix}\bar{\mathbf{Z}}&\mathbf{C}\mathbf{X}\\ (\cdot)^{T}&\mathbf{X}\end{bmatrix}>O.

(31)

Notice that the constraint in Eqn. (30) is not an LMI. We need to perform congruence transformation and change of variables to convert them to LMIs [11, 12]. Let us define and partition the matrix as:

\mathbf{X}\triangleq\begin{bmatrix}X&U^{T}\\ U&\hat{X}\end{bmatrix},\quad\mathbf{X}^{-1}\triangleq\begin{bmatrix}Y&S\\ S^{T}&\hat{Y}\end{bmatrix},

and the transformation matrix

\mathbf{T}\triangleq\begin{bmatrix}I&Y\\ O&S^{T}\end{bmatrix}

and associated congruence transformation matrices

\mathbb{T}\triangleq\begin{bmatrix}\mathbf{T}&O&O\\ O&\mathbf{T}&O\\ O&O&I\end{bmatrix},\tilde{\mathbb{T}}\triangleq\begin{bmatrix}I&O\\ O&\mathbf{T}\end{bmatrix}.

Applying $\{\mathbb{T},\tilde{\mathbb{T}}\}$ to Eqn. (30) and Eqn. (31), we obtain:

\mathbb{T}^{T}\begin{bmatrix}\mathbf{X}&\mathbf{A}\mathbf{X}&\mathbf{B}\\ (\cdot)^{T}&\mathbf{X}&O\\ (\cdot)^{T}&(\cdot)^{T}&\mathbf{W}^{-1}\end{bmatrix}\mathbb{T}>O,

(32)

\tilde{\mathbb{T}}^{T}\begin{bmatrix}\bar{\mathbf{Z}}&\mathbf{C}\mathbf{X}\\ (\cdot)^{T}&\mathbf{X}\end{bmatrix}\tilde{\mathbb{T}}>O.

(33)

Expansion of eqs. 32 and 33 under an appropriate change of variables leads to a set of LMIs eqs. 15 and 16 that do not depend on $S$ or $U$ . Once the $X,Y$ are obtained, matrices $S$ and $U$ need to be constructed using:

YX+SU=I,

(34)

and, a handy choice of $U$ and $S$ satisfying eq. 34 is $S=Y$ , then $U=Y^{-1}-X$ . Notice that when the controller has the same order as the plant, $S$ and $U$ are square and non-singular matrices, in which case the controller gain matrices can be calculated using eq. 21.

Although the original problem was to maximize the $\mathbb{E}[e_{k}e_{k}^{T}]$ to increase the differential privacy, but an increase in error covariance can also result from suboptimal estimator gains. However, as we consider a smart adversary, who would always design an optimal estimator, we update the design problem to maximize the privacy noises while bounding the error covariance.

Let us design the estimator to bound the error covariance for different states with the estimator dynamics given as:

\displaystyle\hat{x}_{k+1}=\hat{A}\hat{x}_{k}+Bu_{k}+\hat{B}y^{a}_{k}.

(35)

Combining the above estimator and the underlying dynamics given in eqs. 1 and 2, the combined dynamics can be written using the augmented state vector $\mathbf{\hat{x}}^{T}:=\begin{bmatrix}x^{T}&{\hat{x}}^{T}\end{bmatrix}$ as:

\displaystyle\mathbf{\hat{x}}_{k+1}

\displaystyle=\mathbf{\hat{A}}\,\mathbf{\hat{x}_{k}}+\mathbf{\hat{B}}\,\mathbf% {w}_{k},

(36)

\displaystyle\text{where}~{}\mathbf{\hat{A}}=\begin{bmatrix}A&O\\ \hat{B}C&\hat{A}\end{bmatrix},~{}~{}\mathbf{\hat{B}}=\begin{bmatrix}D&B&O&O\\ O&O&\hat{B}&\hat{B}\end{bmatrix},

(41)

and the error in estimation can be written as:

\displaystyle\mathbf{e}_{k}=\mathbf{\hat{C}}\mathbf{\hat{x}}_{k},~{}~{}~{}% \mathbf{\hat{C}}=\begin{bmatrix}I&-I\end{bmatrix},

(43)

Similar to the previous development for the existence of the steady-state state covariance matrix ( $\mathbf{\hat{X}}>0$ ) and stability of the system, we write:

\begin{bmatrix}\mathbf{\hat{X}}&\mathbf{\hat{A}}\mathbf{\hat{X}}&\mathbf{\hat{% B}}\\ (\cdot)^{T}&\mathbf{\hat{X}}&O\\ (\cdot)^{T}&(\cdot)^{T}&\mathbf{W}^{-1}\end{bmatrix}>O,

(44)

and the error covariance can be bounded as:

\begin{bmatrix}\bar{\mathbf{E}}&\mathbf{\hat{C}}\mathbf{\hat{X}}\\ (\cdot)^{T}&\mathbf{\hat{X}}\end{bmatrix}>O.

(45)

Again noticing that the constraint in Eqn. (44) is not an LMI, we follow a similar procedure, by partitioning the state covariance matrix and performing the congruence transformation to obtain the LMIs given in eqs. 17 and 18. Once the $\hat{X},\hat{Y},\hat{U},\hat{F},\hat{Q}$ are obtained, matrix $\hat{S}$ can be constructed using:

\hat{S}=(I-\hat{Y}\hat{X})\hat{U}^{-1},

(46)

and the estimator matrices can be constructed using eqs. 19 and 20. ∎

IV-B Adversary with direct access to measurements

For the case where the adversary uses his own sensors to measure the system output $y^{a}_{k}=y_{k}=Cx_{k}+v_{k}$ , the output privacy noise will not help in privatizing the system and the final design problem will change as follows.

Theorem 2.

For the dynamical system given in eqs. 1 and 3 with an adversary using his own sensors to measure the system output, and to maximize differential privacy for a fixed performance bound, the optimal design solution with privacy noises, $W^{p}(\Gamma_{w})$ and $V^{p}(\Gamma_{v})$ , an optimal state estimator (eqs. 5 and 6), and a general linear dynamic controller (eqs. 7 and 8), can be solved as a convex optimization problem using the following LMIs:

\displaystyle\textit{minimize}_{\{A_{c},B_{c},C_{c},\Gamma_{w},\Gamma_{v},\hat% {A},\hat{B}\}}~{}\operatorname{trace}\left(\Gamma_{w}\right),

$\mathbb{E}[z_{k}z_{k}^{T}]<\bar{\mathbf{Z}}\rightarrow$ (eqs. 15 and 16 (LMIs),

\begin{bmatrix}\hat{X}&I&A\hat{X}&A&D&B&O\\ (\cdot)^{T}&\hat{Y}&\hat{Q}&\hat{Y}A+\hat{F}C&\hat{Y}D&\hat{Y}B&\hat{F}\\ (\cdot)^{T}&(\cdot)^{T}&\hat{X}&I&O&O&O\\ (\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&\hat{Y}&O&O&O\\ (\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&W^{-1}&O&O\\ (\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&\Gamma_{w}&O\\ (\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&V^{-1}% \end{bmatrix}>O,

(47)

\begin{bmatrix}\bar{\mathbf{E}}&\hat{X}-\hat{U}&I\\ (\cdot)^{T}&\hat{X}&I\\ (\cdot)^{T}&(\cdot)^{T}&\hat{Y}\end{bmatrix}>O,

(48)

and finally, the optimal estimator and dynamic controller can be calculated as eqs. 19 and 20 and eq. 21.

Proof.

The design solution for the dynamic controller is the same as the previous solution. The proof follows similarly to the previous design solution with $y^{a}_{k}=\bar{y}_{k}$ replaced with $y^{a}_{k}={y}_{k}$ and thus the derivation for the equation for the estimator follows naturally from eqs. 17 and 18 to the above-mentioned results. ∎

Remark 4.

Notice that the design solution presented in Theorem 1 and Theorem 2 is overparameterized, i.e., can help many different controllers/estimators to obtain the same result with different realizations of $YX+SU=I$ and that can further serve as an optimization domain for some other higher level objective function.

IV-C Estimator for unstable systems

The discrete estimator design approach presented earlier is not valid for unstable systems as eq. 44 requires the system matrix $\mathbf{\hat{A}}$ to be stable for a valid positive definite solution for $\mathbf{\hat{X}}>O$ . Thus, we now present the results for unstable system dynamics which restricts the estimator design to:

\displaystyle\hat{x}_{k+1}=\hat{A}\hat{x}_{k}+Bu_{k}+\hat{B}y^{a}_{k},~{}\text% {where}~{}\hat{A}=A-\hat{B}C,

and thus $\hat{B}$ is the only design variable for the estimator. Notice that the control input will cancel out in the estimator as the adversary also has direct access to it. Combining the above estimator and the underlying dynamics given in eqs. 1 and 2, the error dynamics can be written as:

\displaystyle e_{k+1}=(A-\hat{B}C)e_{k}+Dw_{k}+Bw^{p}_{k}-\hat{B}v_{k}-\hat{B}% v^{p}_{k}.

Now for the unstable dynamical system, the system design problem can be solved using the following results. Notice that the approach can also be used to only design an estimator and input/output privacy noises for the case of an open-loop unstable dynamical process.

Corollary 1.

For the unstable dynamical system given in eqs. 1 and 3 with an adversary using his own sensors to measure the output, and to maximize differential privacy for a fixed performance bound, the optimal design solution with privacy noises, $W^{p}(\Gamma_{w})$ and $V^{p}(\Gamma_{v})$ , an optimal state estimator of the form eqs. 5 and 6, and a general linear dynamic controller of the form eqs. 7 and 8, can be solved as a convex optimization problem using the following LMIs:

\displaystyle\textit{minimize}_{\{A_{c},B_{c},C_{c},\Gamma_{w},\Gamma_{v},\hat% {B}\}}~{}\operatorname{trace}\left(\Gamma_{w}+\Gamma_{v}\right),

$\mathbb{E}[z_{k}z_{k}^{T}]<\bar{\mathbf{Z}}\rightarrow$ (eqs. 15 and 16 (LMIs),

	$\displaystyle~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}\begin{bmatrix}\bar{% \mathbf{E}}&I\\ I&\hat{Y}\end{bmatrix}>O,$		(51)
	$\displaystyle\begin{bmatrix}\hat{Y}&\hat{Y}A-\hat{Z}C&\hat{Y}D&\hat{Y}B&\hat{Z% }&\hat{Z}\\ (\cdot)^{T}&\hat{Y}&O&O&O&O\\ (\cdot)^{T}&(\cdot)^{T}&W^{-1}&O&O&O\\ (\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&\Gamma_{w}&O&O\\ (\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&V^{-1}&O\\ (\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&\Gamma_{v}\end{% bmatrix}>O,$		(58)

and finally, the dynamic controller can be calculated as eq. 21 and optimal estimator as: $\hat{B}=\hat{Y}^{-1}\hat{Z}.$

Proof.

We use the standard result that the error dynamics is stable and a steady-state error covariance matrix ( ${E}>0$ ) is bounded, if: $E<\bar{\mathbf{E}}$

	$\displaystyle(A-\hat{B}C)E(A-\hat{B}C)^{T}$	$\displaystyle+DWD^{T}+BW^{p}B^{T}$
	$\displaystyle~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{% }+\hat{B}V\hat{B}^{T}+$	$\displaystyle\hat{B}V^{p}\hat{B}^{T}<E,$

which can be written using Schur’s complement:

	$\displaystyle~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{% }~{}~{}E<\bar{\mathbf{E}},$
	$\displaystyle\begin{bmatrix}E&A-\hat{B}C&D&B&\hat{B}&\hat{B}\\ (\cdot)^{T}&E^{-1}&O&O&O&O\\ (\cdot)^{T}&(\cdot)^{T}&W^{-1}&O&O&O\\ (\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&\Gamma_{w}&O&O\\ (\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&V^{-1}&O\\ (\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&\Gamma_{v}\end{% bmatrix}>O.$

Then, we defined $\hat{Y}=E^{-1}$ and multiplied both sides by matrix $[\operatorname{blkdiag}(\hat{Y},I,I,I)]$ to apply congruence transformation and finally defined $\hat{Z}=\hat{Y}\hat{B}$ to obtain the LMIs in $\hat{Y},\hat{Z},\Gamma_{w}$ and $\Gamma_{v}$ as eqs. 51 and 58. ∎

Corollary 2.

Similar to Corollary 1, but with an adversary using his own sensors to measure the system output, the optimal design problem can be solved as a convex optimization problem using the following LMIs:

\displaystyle\textit{minimize}_{\{A_{c},B_{c},C_{c},\Gamma_{w},\Gamma_{v},\hat% {B}\}}~{}\operatorname{trace}\left(\Gamma_{w}\right),

$\mathbb{E}[z_{k}z_{k}^{T}]<\bar{\mathbf{Z}}\rightarrow$ (eqs. 15 and 16 (LMIs),

	$\displaystyle~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}\begin{bmatrix}\bar{% \mathbf{E}}&I\\ I&\hat{Y}\end{bmatrix}>O,$		(61)
	$\displaystyle\begin{bmatrix}\hat{Y}&\hat{Y}A-\hat{Z}C&\hat{Y}D&\hat{Y}B&\hat{Z% }\\ (\cdot)^{T}&\hat{Y}&O&O&O\\ (\cdot)^{T}&(\cdot)^{T}&W^{-1}&O&O\\ (\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&\Gamma_{w}&O\\ (\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&(\cdot)^{T}&V^{-1}\end{bmatrix}>O.$		(67)

and finally, the dynamic controller can be calculated as eq. 21 and optimal estimator as: $\hat{B}=\hat{Y}^{-1}\hat{Z}.$

V Simulation Results

The Load Frequency Control (LFC) system maintains a balanced power distribution across different regions by continuously aligning energy demand with generation. LFC involves the transmission of data from remote areas to a central control center, and back to the power production facilities. This communication process in power grids has well-known privacy concerns and thus becomes the motivation for our example [4, 13]. We illustrate the performance of the proposed architecture on a connected four-area network which is obtained from a network-reduced IEEE New England 39-bus system [14]. We consider a lossless, connected, and network-reduced power system with each generator modeled by the following equation [14]:

	$\displaystyle\dot{\theta}_{i}(t)$	$\displaystyle=\omega_{i}(t),$
	$\displaystyle M_{i}\dot{\omega}_{i}(t)$	$\displaystyle=-D_{i}\omega_{i}(t)-\sum_{j=1}^{n}B_{ij}V_{i}V_{j}\sin(\theta_{i% }(t)-\theta_{j}(t))$
		$\displaystyle~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}+P_{t_{i}}(% t)+w_{p_{i}}(t),$
	$\displaystyle\tau_{t_{i}}\dot{P}_{t_{i}}(t)$	$\displaystyle=-P_{t_{i}}(t)-R_{i}^{-1}\omega_{i}(t)+u_{i}(t),$

where $\theta_{i}(t)$ is the generator rotor angles w.r.t a synchronously rotating reference axis, $\omega_{i}(t)$ is the frequency deviation w.r.t a synchronous frequency which is $120\pi$ for a 60 Hz system, $M_{i}$ represents the inertia, $D_{i}$ represents the damping matrix, $w_{p_{i}}$ represents the unknown power demand modeled as disturbance, $R_{i}$ represents the frequency-droop, and $P_{t_{i}}(t)$ and $\tau_{t_{i}}$ are the turbine power and time constants, respectively [14]. We linearize the generator model and define the state with four-area network system as:

\dot{x}(t)=A_{c}x(t)+B_{c}u(t)+Dw_{p}(t),

x=[\theta_{1}~{}\omega_{1}~{}P_{t_{1}}~{}\theta_{2}~{}\omega_{2}~{}P_{t_{2}}~{% }\theta_{3}~{}\omega_{3}~{}P_{t_{3}}~{}\theta_{4}~{}\omega_{4}~{}P_{t_{4}}]^{T},

u(t)=[u_{1}(t)~{}u_{2}(t)~{}u_{3}(t)~{}u_{4}(t)]^{T},

with the parameters for the networked system given in table I. Finally, we discretize the system dynamics with $A=e^{A_{c}\Delta t}$ and $B=\int_{0}^{\Delta t}e^{A_{c}\tau}B_{c}d\tau$ , where $\Delta t$ is the sampling period.

TABLE I: Network Parameters

Parameters	Area 1	Area 2	Area 3	Area 4
$M_{i}$	0.1667	0.2222	0.16	0.1304
$D_{i}$	0.0083	0.0088	0.0080	0.0088
$R_{i}$	$2.4$	$2.7$	$2.5$	$2$
$\tau_{t}$	0.3	0.33	0.35	0.375

The communication graph structure is the same as the physical connection graph (fig. 2), with all the per unit line voltages chosen to be $V_{i}=V_{j}=1$ and line coefficients of the power flow are taken as $B_{12}=B_{21}=B_{13}=B_{31}=$ $B_{23}=B_{32}=B_{14}=B_{41}=0.545$ p.u. and $B_{24}=B_{42}=B_{34}=$ $B_{43}=0$ [14]. We assume the measurement model to be graph Laplacian:

	$\displaystyle y_{1}$	$\displaystyle=(\theta_{1}-\theta_{2})+(\theta_{1}-\theta_{3})+(\theta_{1}-% \theta_{4}),$
	$\displaystyle y_{2}$	$\displaystyle=(\theta_{2}-\theta_{3})+(\theta_{2}-\theta_{1}),$
	$\displaystyle y_{3}$	$\displaystyle=(\theta_{3}-\theta_{1})+(\theta_{3}-\theta_{2}),$
	$\displaystyle y_{4}$	$\displaystyle=(\theta_{4}-\theta_{1})+(\theta_{4}-\theta_{ref}).$

The above measurement model implies that each individual area measures the sum of the phase difference between itself and physically connected areas through net tie-line active power flow measurement. We assume that we can measure the absolute phase angle of area 4 by comparing it with known reference $\theta_{ref}=0$ . We bound the deviation in turbine power by choosing the performance variable state as: $z_{t}=[P_{t_{1}}~{}P_{t_{2}}~{}P_{t_{3}}~{}P_{t_{4}}]$ and want to obtain the same level of privacy in frequency deviation for each area in the system $\omega_{i}$ .

The design problem is to find the optimal privacy noise in control input and output channels and simultaneously design the controller to bound the covariance of the deviation in the turbine power $Z_{P_{t_{i}}}$ while preserving the privacy of the frequency deviation for each area $E_{\omega_{i}}$ . Figure 3 shows the optimal input privacy noises for each of the control inputs to obtain the same level of privacy for each of $E_{\omega_{i}}$ . Notice that the intensity of the noise required is different in each channel based on the open loop and finally the closed-loop dynamics of each area. Also, the intensity of the noise increases with the level of privacy but there is a change in respective ratios of the noise intensity between different channels showing a non-scaled parameterization of the privacy noise and thus the need for the co-design of the noises and the controller. Also, notice that the amount of privacy noise required for the second case with ( $y^{a}_{k}={y}_{k}$ ) is more than the first case ( $y^{a}_{k}=\bar{y}_{k}$ ) as there is no contribution from the output privacy noise towards the privacy of the system.

Figure 4 shows similar plots for the optimal output privacy noise for two cases that are based on adversarial capabilities. Notice that the amount of privacy signal required to obtain the desired performance bound increases with an increase in desired differential privacy. Moreover, the amount of privacy noise added in the output channel is much higher than the input channels as the output channel directly affects the state estimates and indirectly affects the system performance after passing through the controller dynamics, but the input channel directly affects the system performance and indirectly affects state estimates after passing through the system dynamics. Notice that the amount of noise added in the second case with ( $y^{a}_{k}={y}_{k}$ ) is zero as it does not help increase the differential privacy but adversely affects the system performance.

Finally, fig. 5 shows the plots for the system performance in terms of variance of deviation in turbine power for different areas. Notice that higher differential privacy results in a higher variance in deviation, i.e., an adverse effect on system performance. Notice that we minimized the performance loss for the given privacy level and thus different areas result in different performance levels. Also, the variance in deviation is higher for the second case with a stronger adversary with direct access to the measurement as only input privacy noise is effective in providing privacy which has a worse effect on system performance.

VI Conclusion

The paper showed that the joint design of differential privacy noise distribution and a general dynamic controller can be posed as a convex optimization problem using the Linear Matrix Inequalities framework. The framework adds privacy noise to both control input and system output to privatize the system’s state. The co-design problem also designs an optimal estimator from the perspective of the adversary with access to both communication channels and direct output measurements. The simulation results show the interplay between the controller gains and the privacy noise to obtain the desired level of privacy while minimizing the system performance as a measure of the variance of deviation from reference. The results show the effectiveness of input and output privacy noise based on the capabilities of the adversary and show the need for the co-design of the privacy noises with the controller.

References

[1] C. Dwork, A. Roth et al., “The algorithmic foundations of differential privacy,” Foundations and Trends® in Theoretical Computer Science, vol. 9, no. 3–4, pp. 211–407, 2014.
[2] C. Dwork, “Differential privacy: A survey of results,” in International conference on theory and applications of models of computation. Springer, 2008, pp. 1–19.
[3] S. Han and G. J. Pappas, “Privacy in control and dynamical systems,” Annual Review of Control, Robotics, and Autonomous Systems, vol. 1, pp. 309–332, 2018.
[4] K. Yazdani, A. Jones, K. Leahy, and M. Hale, “Differentially private lq control,” IEEE Transactions on Automatic Control, vol. 68, no. 2, pp. 1061–1068, 2022.
[5] M. U. Hassan, M. H. Rehmani, and J. Chen, “Differential privacy techniques for cyber physical systems: a survey,” IEEE Communications Surveys & Tutorials, vol. 22, no. 1, pp. 746–789, 2019.
[6] J. Le Ny and G. J. Pappas, “Differentially private filtering,” IEEE Transactions on Automatic Control, vol. 59, no. 2, pp. 341–354, 2013.
[7] C. Hawkins and M. Hale, “Differentially private formation control: Privacy and network co-design,” arXiv preprint arXiv:2205.13406, 2022.
[8] S. Han, U. Topcu, and G. J. Pappas, “Differentially private distributed constrained optimization,” IEEE Transactions on Automatic Control, vol. 62, no. 1, pp. 50–64, 2016.
[9] Y. Kawano and M. Cao, “Design of privacy-preserving dynamic controllers,” IEEE Transactions on Automatic Control, vol. 65, no. 9, pp. 3863–3878, 2020.
[10] Y. Kawano and M. Cao, “Differential privacy and qualitative privacy analysis for nonlinear dynamical systems,” IFAC-PapersOnLine, vol. 51, no. 23, pp. 52–57, 2018.
[11] C. Scherer, P. Gahinet, and M. Chilali, “Multiobjective output-feedback control via lmi optimization,” IEEE Transactions on Automatic Control, vol. 42, no. 7, pp. 896–911, 1997.
[12] R. Goyal, M. Majji, and R. E. Skelton, “Integrating structure, information architecture and control design: Application to tensegrity systems,” Mechanical Systems and Signal Processing, vol. 161, p. 107913, 2021.
[13] P. McDaniel and S. McLaughlin, “Security and privacy challenges in the smart grid,” IEEE Security & Privacy, vol. 7, no. 3, pp. 75–77, 2009.
[14] H. Bevrani, Robust power system frequency control. Springer, 2014, vol. 4.

System Design Approach for Control of Differentially Private Dynamical Systems

Abstract

I Introduction

II Review of Differential Privacy

Definition 1.

Definition 2.

Definition 3.

Lemma 1.

III Problem Formulation

III-A Relationship between differential privacy and error in state estimates due to control input and output privacy noise

Lemma 2.

Remark 1.

Lemma 3.

Proof.

Remark 2.

Remark 3.

IV Final Design Solution Development

IV-A Adversary with access to communication channels

Theorem 1.

Proof.

IV-B Adversary with direct access to measurements

Theorem 2.

Proof.

Remark 4.

IV-C Estimator for unstable systems

Corollary 1.

Proof.

Corollary 2.

V Simulation Results

VI Conclusion

References

System Design Approach for Control of Differentially Private
Dynamical Systems